4e83838aaec92c5934b971c7f862ebca143e2b41cf84b4b50f9014714fe93a04

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 04:29

Target

327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe
Size

79KB
MD5

327f598bb873183b7fe86571adb91ad0
SHA1

6bec4f890b6228400ded65ba6880cd58d9e52757
SHA256

4e83838aaec92c5934b971c7f862ebca143e2b41cf84b4b50f9014714fe93a04
SHA512

e91b54846621b315e8202d79f458ee09c7ffb9fd66073488d6063514a6fa709abef3b0dd6bd4b5bd82566c60b68e1c813f3c1f96be2fb23675e63313847d05ea
SSDEEP

1536:zvlIj2RxFr51zXOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvqjWFr+GdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3232	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 3388	4296	327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe	85
PID 4296 wrote to memory of 3388	4296	327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe	85
PID 4296 wrote to memory of 3388	4296	327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe	85
PID 3388 wrote to memory of 3232	3388	cmd.exe	86
PID 3388 wrote to memory of 3232	3388	cmd.exe	86
PID 3388 wrote to memory of 3232	3388	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3388
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3232

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2c8a161b4a868a23f01a602f175bc9d9

SHA1
cf399dc015544859b16d3a93ef598647ef865156

SHA256
ec5d7379ce8e956d34853c148202a3eaea723b3b18aab2db52c444f54f132e81

SHA512
2e6bd5cae38e8b6f5a936f7729dd85ac89c347673a29ed148fa370a165dd9bcc8d6e53dff2c99469a91533ee19303f1ca4c0fffd50e2c4c6310af0377037eb86

Download Submit
memory/3232-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4296-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download